What's on your Mind?
- How do I respond to this evolving threat landscape?
- Is my organisation at risk from confidential data leakage?
- How are my competitors addressing these challenges?
- How do our suppliers handle our sensitive data?
- What are the risks associated with adopting new channels and technologies?
- How do I comply with the legislation, regulation and industry requirements?
Bringing you Peace of Mind
We work with our clients to answer these questions and more. Some of our core service offerings are listed below:
- Strategic security remediation and improvement programmes, including planning, design and management
- Data leakage prevention assessments and incident response
- Benchmarking across peer organisations and CISO roundtable discussions
- Secure system design and advice on identity and access management
- Supplier risk reviews and definition of good practice governance and processes
- Risk advisory for new channels and technologies, as well as process definition and technology selection
- Security assurance activities through UKAS accredited ISO 27001 certification and penetration testing
What's in it for you?
- New products and services are launched and operated with confidence
- Confidence and assurance that information security risks are understood and managed
- Accelerated remediation activity to reduce risk
- Knowledge of industry-leading practices for managing security
- Cost-effective compliance with security and privacy legislation, regulations and industry requirements
- Award-winning - We were awarded the “Information Security Consultancy of the Year” at the SC Magazine Europe Awards 2012 (and 2011). We received these awards as recognition of our ability to assist businesses with understanding and implementing information security management processes. We have also received an MCA Management Award for Business Strategy for our work with a leading bank on a major third party security assurance programme.
- Independence - We are not tied into any technology or software vendor. All of our recommendations and technical strategies are based solely on what is fit and appropriate for your business.
- Commitment - Our client relationships are built on mutual trust and long-term commitment to providing effective and efficient solutions, and we are dedicated to providing a service that is second to none.
- Industry knowledge - We are proud to own the I-4 (International Information Integrity Institute), the world’s leading forum for senior information security leaders to collaborate and share knowledge.
Our client, a financial service provider, had suffered a security breach involving customer information at a third party supplier. Mindful of increased regulatory scrutiny and driven by its own determination to secure a tighter grip on its external relationships, the client wished to implement a global assessment of the level of security control across all critical suppliers.
What we did
KPMG carried out comprehensive reviews into the data security of all of the client’s high-risk third party suppliers. KPMG engaged its global network of technical specialists and programme management experts to ensure that the programme was mobilised within hours of initial contact with the client.
- A data security assessment report for each of the third parties – we reviewed 360 suppliers globally in five weeks.
- Assistance with remediation planning for some suppliers following the discovery of 'major' findings.
- The client could demonstrate to the regulator that they were taking full and appropriate action to adequately address the issues, thereby avoiding any imposed remedial action.